Vulnerability remediation to disable specific ciphers when TLS 1.2 is enabled in global settings (309493)

Chat now with support

Return

Feedback submitted.

Was this article helpful?

[Select Rating]

Title

Vulnerability remediation to disable specific ciphers when TLS 1.2 is enabled in global settings
Description

Identified vulnerabilities in TPAM. Require some TLS ciphers could be disabled.
Cause

vulnerability scan identified ciphers on TLS 1.1 and 1.2 that customer deem to be weak. The concerned ciphers are below:
| TLSv1.1:
| ciphers:
| TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (secp521r1)
| TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (secp521r1)
| TLS_RSA_WITH_AES_256_CBC_SHA (rsa 2048) TLS_RSA_WITH_AES_128_CBC_SHA
| (rsa 2048)
| TLSv1.2:
| ciphers:
| TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (secp521r1)
| TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (secp521r1)
| TLS_RSA_WITH_AES_256_CBC_SHA (rsa 2048) TLS_RSA_WITH_AES_128_CBC_SHA
Resolution

In the next release, 2.5.923, specific ciphers will be disabled when TLS 1.2 is enabled and TLS 1.1 is disabled in global settings. There is no ETA.

Feedback submitted.

Was this article helpful?

[Select Rating]

Title